• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 25 subscribers
  • Views 263 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Cirrus - Security

Grabowski
I am trying out the new Cirrus tool, and I am pretty pleased with it although I have only just scratched the surface so far.

My concern is this: Passwords and community strings can be encrypted, the application itself can prompt for a password when launched and SSH can be used for transfer of configurations and inventories....

All this is of course done to protect these very sensitive data, but I am wondering how safe these data will be once they have been moved over to the SQL database (or Access for that matter) and basically are nothing more than a flat text file in a standard SQL database.

I really don't know much about database security, but I am hoping that somebody can give me some pointers on how to best deal with this.

Lars Grabowski
Global Infrastructure
Chr. Hansen A/S
  • 0
    Grabowski,
    The passwords and usernames can also be encrypted WITHIN the database. Open the Settings Dialog by selecting File->Settings.
    Then from the "Security" group (2nd from the top). Check the "Encrypt Passwords in the database" and "Encrypt Usernames in the database". This will encrypt these database fields.

    The Login information is now stored in an encrypted format, but... the configs themselves are still in plain text with the database. We are considering encryption of the configs within the database also.
  • 0
    Grabowski,
    It will really depend on whether you are using Access or SQL for your backend. MS SQL Server has great database security, so I would not worry about someone compromising that data. It is not really stored as text on the server side.

    Then again, it is only as good as the person running the SQL Server to begin with. If they have an sa account with no password, then no, it is not very secure.

    As for Access, then it will not be as secure.

    I would rather not have the data encrypted inside SQL Server. I already have some custom applications that I run along side Solarwinds that allow me to use the data that Solarwinds gathers. If the data was encrypted, I would be out of luck.

    Marks
  • 0
    salyerma,
    Thanks for the feedback. That's good to know.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.